[apt.git] / test / integration / test-apt-key

#!/bin/sh
set -e

# apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
# confuses config parser as there exists no way of escaping " currently.
#TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
# gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
#TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'amd64'

# start from a clean plate again
cleanplate() {
	rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg
	mkdir rootdir/etc/apt/trusted.gpg.d/
}
testmultigpg() {
	testfailure --nomsg aptkey --quiet --readonly "$@"
	testsuccess grep "^gpgv: Can't check signature" rootdir/tmp/testfailure.output
	testsuccess grep '^gpgv: Good signature from' rootdir/tmp/testfailure.output
}

echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf

testrun() {
	cleanplate
	ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg

	msgtest 'Check that paths in list output are not' 'double-slashed'
	aptkey list 2>&1 | grep -q '//' && msgfail || msgpass

	msgtest 'Check that paths in finger output are not' 'double-slashed'
	aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass
	testaptkeys 'Joe Sixpack'

	testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1' aptkey --fakeroot update

	testaptkeys 'Joe Sixpack'
	testfailure test -e rootdir/etc/apt/trusted.gpg

	testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
	msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
	if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
		msgpass
	else
		msgfail
	fi

	testaptkeys 'Rex Expired' 'Joe Sixpack'

	msgtest 'Check that Sixpack key can be' 'exported'
	aptkey export 'Sixpack' > aptkey.export
	aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
	testsuccess --nomsg cmp aptkey.export aptkey.exportall
	testsuccess test -s aptkey.export
	testsuccess test -s aptkey.exportall

	msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
	testsuccess --nomsg aptkey --fakeroot update

	testaptkeys 'Joe Sixpack'

	msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
	testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE

	testaptkeys 'Joe Sixpack'

	testsuccess aptkey --fakeroot del DBAC8DAE
	testempty aptkey list

	msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
	testempty aptkey list

	msgtest 'Test key removal with' 'single key in real file'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'different key specs'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
	testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
	testsuccess cmp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg~

	msgtest 'Test key removal with' 'long key ID'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'fingerprint'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'single key in softlink'
	cleanplate
	ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	cleanplate
	testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
	ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
	testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
	testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
	cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse

	msgtest 'Test key removal with' 'multi key in real file'
	cleanplate
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	msgtest 'Test key removal with' 'multi key in softlink'
	cleanplate
	ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
	testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	msgtest 'Test key removal with' 'multiple files including key'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
	msgtest 'Test merge-back of' 'added keys'
	testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
	testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'

	msgtest 'Test merge-back of' 'removed keys'
	testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'

	msgtest 'Test merge-back of' 'removed duplicate keys'
	testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
	testaptkeys 'Marvin Paranoid'

	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	msgtest 'Test signing a file' 'with a key'
	echo 'Verify me. This is my signature.' > signature
	testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
		adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
	testsuccess test -s signature.gpg -a -s signature

	for GPGV in '' 'gpgv' 'gpgv2'; do
		echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd

		msgtest 'Test verify a file' 'with all keys'
		testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature

		msgtest 'Test verify a file' 'with good keyring'
		testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with bad keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with non-existing keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
		testfailure test -e keys/does-not-exist.pub

		# note: this isn't how apts gpgv method implements keyid for verify
		msgtest 'Test verify a file' 'with good keyid'
		testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with bad keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with non-existing keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature

		msgtest 'Test verify fails on' 'bad file'
		echo 'lalalalala' > signature2
		testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
	done
	rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd

	msgtest 'Test verify a file' 'with good keyring'
	testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature

	cleanplate
	cat keys/joesixpack.pub keys/marvinparanoid.pub > keys/double.pub
	cat keys/joesixpack.sec keys/marvinparanoid.sec > keys/double.sec
	cp -a keys/double.pub rootdir/etc/apt/trusted.gpg.d/double.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess aptkey --quiet --keyring keys/double.pub --secret-keyring keys/double.sec --readonly \
		adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output signature.gpg signature
	testsuccess test -s signature.gpg -a -s signature

	for GPGV in '' 'gpgv' 'gpgv2'; do
		echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd

		msgtest 'Test verify a doublesigned file' 'with all keys'
		testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature

		msgtest 'Test verify a doublesigned file' 'with good keyring joe'
		testmultigpg --keyring keys/joesixpack.pub verify signature.gpg signature

		msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
		testmultigpg --keyring keys/marvinparanoid.pub verify signature.gpg signature

		msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/rexexpired.pub verify signature.gpg signature

		msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
		testfailure test -e keys/does-not-exist.pub

		# note: this isn't how apts gpgv method implements keyid for verify
		msgtest 'Test verify a doublesigned file' 'with good keyid'
		testmultigpg --keyid 'Paranoid' verify signature.gpg signature

		msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify signature.gpg signature

		msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature

		msgtest 'Test verify fails on' 'bad doublesigned file'
		echo 'lalalalala' > signature2
		testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
	done
	rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
}

setupgpgcommand() {
	echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
	msgmsg 'Force tests to be run with' "$1"
	testsuccess aptkey --readonly adv --version
	cp rootdir/tmp/testsuccess.output aptkey.version
	testsuccess grep "^gpg (GnuPG) $2\." aptkey.version
}

# run with default (whatever this is)
testrun
# run with …
setupgpgcommand 'gpg' '1'
testrun
setupgpgcommand 'gpg2' '2'
testrun
Commit	Line	Data
80f3aeb0 DK	1	#!/bin/sh
	2	set -e
	3
bc8f83a5 DK	4	# apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
	5	# confuses config parser as there exists no way of escaping " currently.
	6	#TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man \| head -n1 \| cut -d' ' -f 1)\$!"
	7	# gpg doesn't like \| in path names – documented e.g. in the man gpg2 --agent-program
	8	#TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man \| head -n1 \| cut -d' ' -f 1)\$!"
	9	TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
	10
3abb6a6a DK	11	TESTDIR="$(readlink -f "$(dirname "$0")")"
3abb6a6a DK	12	. "$TESTDIR/framework"
80f3aeb0 DK	13
	14	setupenvironment
	15	configarchitecture 'amd64'
	16
93d0d08c DK	17	# start from a clean plate again
	18	cleanplate() {
	19	rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg
	20	mkdir rootdir/etc/apt/trusted.gpg.d/
	21	}
fb7b11eb DK	22	testmultigpg() {
	23	testfailure --nomsg aptkey --quiet --readonly "$@"
	24	testsuccess grep "^gpgv: Can't check signature" rootdir/tmp/testfailure.output
	25	testsuccess grep '^gpgv: Good signature from' rootdir/tmp/testfailure.output
	26	}
80f3aeb0 DK	27
	28	echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
	29	APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf
	30
93d0d08c DK	31	testrun() {
93d0d08c DK	32	cleanplate
fecfbf2e	33	ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
80f3aeb0	34
93d0d08c DK	35	msgtest 'Check that paths in list output are not' 'double-slashed'
93d0d08c DK	36	aptkey list 2>&1 \| grep -q '//' && msgfail \|\| msgpass
80f3aeb0	37
93d0d08c DK	38	msgtest 'Check that paths in finger output are not' 'double-slashed'
93d0d08c DK	39	aptkey finger 2>&1 \| grep -q '//' && msgfail \|\| msgpass
f14cde2c	40	testaptkeys 'Joe Sixpack'
80f3aeb0	41
25b86db1	42	testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
93d0d08c DK	43	gpg: Total number processed: 1
93d0d08c DK	44	gpg: unchanged: 1' aptkey --fakeroot update
80f3aeb0	45
f14cde2c	46	testaptkeys 'Joe Sixpack'
e52aad52	47	testfailure test -e rootdir/etc/apt/trusted.gpg
f14cde2c	48
93d0d08c	49	testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
8b32e72c DK	50	msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
	51	if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
	52	msgpass
	53	else
	54	msgfail
	55	fi
04937adc	56
f14cde2c	57	testaptkeys 'Rex Expired' 'Joe Sixpack'
04937adc	58
38005d8b DK	59	msgtest 'Check that Sixpack key can be' 'exported'
	60	aptkey export 'Sixpack' > aptkey.export
	61	aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
	62	testsuccess --nomsg cmp aptkey.export aptkey.exportall
	63	testsuccess test -s aptkey.export
	64	testsuccess test -s aptkey.exportall
	65
93d0d08c DK	66	msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
	67	testsuccess --nomsg aptkey --fakeroot update
	68
f14cde2c	69	testaptkeys 'Joe Sixpack'
93d0d08c DK	70
	71	msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
	72	testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE
	73
f14cde2c	74	testaptkeys 'Joe Sixpack'
93d0d08c DK	75
	76	testsuccess aptkey --fakeroot del DBAC8DAE
	77	testempty aptkey list
	78
b0d40854	79	msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
05f64ca2 DK	80	cleanplate
	81	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	82	testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
	83	testempty aptkey list
	84
93d0d08c DK	85	msgtest 'Test key removal with' 'single key in real file'
	86	cleanplate
	87	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	88	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	89	testempty aptkey list
e52aad52	90	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
93d0d08c DK	91	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
93d0d08c DK	92
031a3f25 DK	93	msgtest 'Test key removal with' 'different key specs'
	94	cleanplate
	95	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	96	cp -a keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
	97	testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
	98	testempty aptkey list
	99	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	100	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
	101	testfailure test -e rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
	102	testsuccess cmp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg~
	103
29f1b977 JM	104	msgtest 'Test key removal with' 'long key ID'
	105	cleanplate
	106	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	107	testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
	108	testempty aptkey list
e52aad52	109	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
29f1b977 JM	110	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
29f1b977 JM	111
ba72845c DK	112	msgtest 'Test key removal with' 'fingerprint'
	113	cleanplate
	114	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	115	testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
	116	testempty aptkey list
e52aad52	117	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
ba72845c DK	118	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
ba72845c DK	119
93d0d08c DK	120	msgtest 'Test key removal with' 'single key in softlink'
93d0d08c DK	121	cleanplate
fecfbf2e	122	ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
93d0d08c DK	123	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
93d0d08c DK	124	testempty aptkey list
e52aad52	125	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
93d0d08c DK	126	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
	127
	128	cleanplate
	129	testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
fecfbf2e DK	130	ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
fecfbf2e DK	131	testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
f14cde2c	132	testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
93d0d08c DK	133	cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse
	134
	135	msgtest 'Test key removal with' 'multi key in real file'
	136	cleanplate
	137	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	138	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
f14cde2c	139	testaptkeys 'Marvin Paranoid'
93d0d08c DK	140	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
	141
	142	msgtest 'Test key removal with' 'multi key in softlink'
	143	cleanplate
fecfbf2e	144	ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
93d0d08c	145	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
f14cde2c	146	testaptkeys 'Marvin Paranoid'
93d0d08c	147	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
e52aad52	148	testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
93d0d08c DK	149	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
	150
	151	msgtest 'Test key removal with' 'multiple files including key'
	152	cleanplate
	153	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	154	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	155	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
f14cde2c	156	testaptkeys 'Marvin Paranoid'
e52aad52	157	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
93d0d08c DK	158	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
93d0d08c DK	159	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
0dae96a2 DK	160
	161	cleanplate
	162	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	163	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
f14cde2c	164	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
0dae96a2 DK	165	msgtest 'Test merge-back of' 'added keys'
0dae96a2 DK	166	testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
f14cde2c	167	testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
0dae96a2 DK	168
	169	msgtest 'Test merge-back of' 'removed keys'
	170	testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
f14cde2c	171	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
0dae96a2 DK	172
	173	msgtest 'Test merge-back of' 'removed duplicate keys'
	174	testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
f14cde2c	175	testaptkeys 'Marvin Paranoid'
b0d40854 DK	176
	177	cleanplate
	178	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	179	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	180	msgtest 'Test signing a file' 'with a key'
	181	echo 'Verify me. This is my signature.' > signature
	182	testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
	183	adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
bc8f83a5	184	testsuccess test -s signature.gpg -a -s signature
b0d40854	185
25f27319	186	for GPGV in '' 'gpgv' 'gpgv2'; do
f14cde2c DK	187	echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
	188
	189	msgtest 'Test verify a file' 'with all keys'
	190	testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
b0d40854	191
f14cde2c DK	192	msgtest 'Test verify a file' 'with good keyring'
f14cde2c DK	193	testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
b0d40854	194
f14cde2c DK	195	msgtest 'Test fail verify a file' 'with bad keyring'
f14cde2c DK	196	testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature
b0d40854	197
f14cde2c DK	198	msgtest 'Test fail verify a file' 'with non-existing keyring'
	199	testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
	200	testfailure test -e keys/does-not-exist.pub
b0d40854	201
4e03c47d	202	# note: this isn't how apts gpgv method implements keyid for verify
f14cde2c DK	203	msgtest 'Test verify a file' 'with good keyid'
f14cde2c DK	204	testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature
b0d40854	205
f14cde2c DK	206	msgtest 'Test fail verify a file' 'with bad keyid'
f14cde2c DK	207	testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature
b0d40854	208
f14cde2c DK	209	msgtest 'Test fail verify a file' 'with non-existing keyid'
	210	testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
	211
	212	msgtest 'Test verify fails on' 'bad file'
	213	echo 'lalalalala' > signature2
	214	testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
	215	done
fb7b11eb DK	216	rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
	217
	218	msgtest 'Test verify a file' 'with good keyring'
	219	testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
	220
	221	cleanplate
	222	cat keys/joesixpack.pub keys/marvinparanoid.pub > keys/double.pub
	223	cat keys/joesixpack.sec keys/marvinparanoid.sec > keys/double.sec
	224	cp -a keys/double.pub rootdir/etc/apt/trusted.gpg.d/double.gpg
	225	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	226	testsuccess aptkey --quiet --keyring keys/double.pub --secret-keyring keys/double.sec --readonly \
	227	adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output signature.gpg signature
	228	testsuccess test -s signature.gpg -a -s signature
	229
	230	for GPGV in '' 'gpgv' 'gpgv2'; do
	231	echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
	232
	233	msgtest 'Test verify a doublesigned file' 'with all keys'
	234	testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
	235
	236	msgtest 'Test verify a doublesigned file' 'with good keyring joe'
	237	testmultigpg --keyring keys/joesixpack.pub verify signature.gpg signature
	238
	239	msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
	240	testmultigpg --keyring keys/marvinparanoid.pub verify signature.gpg signature
	241
	242	msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
	243	testfailure --nomsg aptkey --quiet --readonly --keyring keys/rexexpired.pub verify signature.gpg signature
	244
	245	msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
	246	testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
	247	testfailure test -e keys/does-not-exist.pub
	248
	249	# note: this isn't how apts gpgv method implements keyid for verify
	250	msgtest 'Test verify a doublesigned file' 'with good keyid'
	251	testmultigpg --keyid 'Paranoid' verify signature.gpg signature
	252
	253	msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
	254	testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify signature.gpg signature
	255
	256	msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
	257	testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
	258
	259	msgtest 'Test verify fails on' 'bad doublesigned file'
	260	echo 'lalalalala' > signature2
	261	testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
	262	done
	263	rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
93d0d08c	264	}
04937adc	265
93d0d08c DK	266	setupgpgcommand() {
93d0d08c DK	267	echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
f14cde2c DK	268	msgmsg 'Force tests to be run with' "$1"
	269	testsuccess aptkey --readonly adv --version
	270	cp rootdir/tmp/testsuccess.output aptkey.version
fecfbf2e	271	testsuccess grep "^gpg (GnuPG) $2\." aptkey.version
04937adc DK	272	}
04937adc DK	273
93d0d08c DK	274	# run with default (whatever this is)
	275	testrun
	276	# run with …
fecfbf2e	277	setupgpgcommand 'gpg' '1'
93d0d08c	278	testrun
fecfbf2e	279	setupgpgcommand 'gpg2' '2'
93d0d08c	280	testrun